wallet-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md commands (e.g., "zerion analyze " and "zerion history ") explicitly fetch portfolio data and parsed transactions from Zerion's public API/x402 (dashboard.zerion.io / x402) for arbitrary ENS/0x addresses, thereby ingesting untrusted, user-generated on-chain content that the agent reads and uses to drive analysis and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is primarily read-only analysis, but it explicitly supports a pay-per-call mode that "Pays $0.01 USDC per request on Base" and states "the agent's wallet handles payment automatically via the x402 protocol." That is a specific crypto payment integration that causes on‑chain transfers (signing/sending payments) from the agent's wallet, which meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for direct financial execution.